diff --git a/product/ERP5Type/Core/Folder.py b/product/ERP5Type/Core/Folder.py
index be948ae1243cc7469a99646f117c23f444356cb5..07f03c1e30718b7bc23c77c64e76c1c4d1a7a490 100644
--- a/product/ERP5Type/Core/Folder.py
+++ b/product/ERP5Type/Core/Folder.py
@@ -45,6 +45,7 @@ from Products.ERP5Type import PropertySheet
 from Products.ERP5Type.XMLExportImport import Folder_asXML
 from Products.ERP5Type.Utils import sortValueList
 from Products.ERP5Type import Permissions
+from Products.ERP5Type.Globals import InitializeClass
 try:
 from Products.CMFCore.CMFBTreeFolder import CMFBTreeFolder
@@ -452,6 +453,7 @@ OFS_HANDLER = 0
 BTREE_HANDLER = 1
 HBTREE_HANDLER = 2
+InitializeClass(FolderMixIn)
 class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
 """
diff --git a/product/ERP5Type/tests/testFolder.py b/product/ERP5Type/tests/testFolder.py
index e0b09ee5c809694b510ef0e1e315db6da28dacca..ab30fbdfc6ef8c662d6fc6cfc41685d8b730dee5 100644
--- a/product/ERP5Type/tests/testFolder.py
+++ b/product/ERP5Type/tests/testFolder.py
@@ -252,6 +252,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor):
 self.assertNotEquals(self.folder[obj.getId()].__class__, from_class)
 self.assertEquals([1], result)
+ def test_FolderMixinSecurity(self):
+ """ Test if FolderMix methods cannot be called by URL """
+ type_list = ['Folder']
+ self._setAllowedContentTypesForFolderType(type_list)
+ obj = self.folder.newContent(portal_type='Folder')
+ transaction.commit()
+ response = self.publish('%s/deleteContent?id=%s' % (
+ self.folder.absolute_url(relative=True), obj.getId()))
+ self.assertTrue(obj.getId() in self.folder.objectIds())
+ self.assertEquals(302, response.getStatus())
+
 def test_suite():
 suite = unittest.TestSuite()
 suite.addTest(unittest.makeSuite(TestFolder))
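Review bot: The bare `InitializeClass(FolderMixIn)` line in the second hunk of Folder.py carries no explanation, and the reason it exists is security-relevant: until `InitializeClass` runs, the `ClassSecurityInfo` declarations that FolderMixIn presumably makes are not applied to the class, so a documented method such as `deleteContent` can be reached through the publisher without any permission check — which is what the new test in testFolder.py exercises. I would put a comment directly above the call, e.g. `# Apply FolderMixIn's security declarations; without this its documented methods are publishable with no permission check.` The call also sits next to the `*_HANDLER` constants rather than after the `FolderMixIn` class body, which lies outside this hunk; placing it right below that class would make the pairing obvious and harder to lose in a later refactor.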
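Review bot: In `test_FolderMixinSecurity`, `self.assertEquals(302, response.getStatus())` only proves the anonymous request was redirected somewhere, not that it was refused for lack of permission; any redirect would satisfy it, so a regression that redirects after deleting would still pass the status check and rely solely on the preceding `objectIds()` assertion. Tying the assertion to the authorisation challenge, for instance by also checking that the redirect target is the login form (the exact URL depends on this test setup's challenge handler), would make the intent explicit. The docstring's `FolderMix` appears to be a typo for `FolderMixIn`, and the test covers only `deleteContent`, so a sentence stating that it is used as the representative mixin method would help the next reader. The `def test_suite():` at the end of the hunk continues outside it.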